Large organization data breaches are becoming more of a regular news story. Not because of careless organizations, but because of the large uptick of cyber crime activity. Marriott is in the spotlight right now as the latest large organization suffering through a large data breach of their client databases.
Marriott reports that as early as 2014, an unknown cyber entity has unlawfully accessed their client records of more than 500 million clients. Information unlawfully accessed include client passport information, credit card numbers, as well as personal information such as home addresses and phone numbers.
Let’s be very clear on the situation. Marriott lawfully reported this breach to authorities, thus the reason the public is aware of the compromise, and sorry to say, but Marriott is more than likely not the only organization experiencing this type of compromise. They are simply sophisticated enough to spot it, and ethical enough to report it.
Having said that Marriott will be in the spotlight for a while as they still have an obligation to take necessary measures to protect client data. In the coming weeks, Marriott will conduct a further investigation into the compromise and hopefully disclose more details.
It is not uncommon for an organization to discover that a breach has been found and has been active in their environment for several years. It is of paramount importance for business owners to conduct a cyber threat health check-up, or a threat hunting engagement on at least an annual basis, to check for sneaky bad guys like these recent bad actors.
Marriott has released a program where victims of the possible leakage can enroll into a free monitoring of their identity program. For those that can’t sleep at night when events like this happen, a free monitoring service is helpful, but not entirely necessary. If you believe your information may have been compromised in this incident, simply keep a close eye on credit card activity as well as possible unauthorized openings of accounts in your name. A link to a recent Ivory Intel Blog covering this topic can be accessed here: https://www.ivoryintel.com/inside-the-intel/how-are-you-monitoring-your-identity-and-credit-score .